Appl. No. 09/998,895 
Amdt. dated April 9, 2008 
Amendment under 37 CFR 1.114 
Request for Continued Examination 

AMENDMENTS TO THE CLAIMS 

Please canceled claim 40 without prejudice or disclaimer. This listing of claims 
will replace all prior versions, and listings of claims in the application. 

Listing of Claims: 

1 . (Currently Amended) A computer-implemented method for using workflows, the 
method comprising the steps of: 

associating workflows with one or more groups in an identity system, each group 
including one or more users of the identity system; 

receiving a request to perform a task that pertains to at least one target identity 
profile of an entity in said identity system; and 

performing a first workflow for said task, said first workflow is associated with a 
first group that includes the target identity profile; 

wherein: 

said request includes an identification of said target identity profile; 

said step of performing includes the steps of identifying a plurality of 
workflows that perform said task and are associated with groups that include said target 
identity profile, said plurality of workflows includes said first workflow, reporting said 
plurality of workflows to a user via a Graphical User Interface (GUI), receiving from the 
user via the GUI a selection of said first workflow from the plurality of workflows, and 
performing one or more steps of said first workflow; 

said first workflow comprises a predefined set of steps that perform said 
task to affect modify one or more attributes of the target identity profile, said predefined 
set of steps comprising a first step and a second step; 

said first step is performed by a first program; 

said second step is performed by a second program; 
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information is passed between said first program and said second program 
according to a defined set of rules; and 

at least one of the first program and the second program is external to the 

workflow. 

2. (Previously Presented) A method according to claim 1, wherein: 

said step of associating includes associating said first workflow with said flrst 
group, said step of associating said first workflow includes choosing a flrst entry in a data 
structure, said data structure is a hierarchical data structure of entities in the identity system, said 
flrst domain includes said flrst entry and entries below said first entry. 

3. (Previously Presented) A method according to claim 2, wherein: 

said step of performing includes identifying one or more workfiows associated 
with said target identity profile. 

4. (Canceled) 

5. (Previously Presented) A method according to claim 1, wherein: 
said request is a request to delete said target identity profile. 

6. (Previously Presented) A method according to claim 1, wherein: 
said request is a request to modify said target identity profile. 

7. (Canceled) 

8. (Canceled) 

9. (Original) A method according to claim 1, wherein: 

said steps of associating, receiving and performing are performed by an integrated 
identity and access system. 
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10. (Original) A method according to claim 1, wherein: 
said request is for self-registration. 

1 1 . (Original) A method according to claim 1 , wherein: 
said request is from a parent workflow; and 

said first workflow is a sub-workflow to said parent workflow. 

12. (Canceled) 

13. (Previously Presented) A method according to claim 2, wherein: 
said hierarchical data structure includes an LDAP directory. 

14. (Currently Amended) One or more processor readable storage devices having 
processor readable code embodied on said processor readable storage devices, said processor 
readable code for programming one or more processors to perform a method comprising the 
steps of 

associating workflows with one or more groups in an identity system, each group 
including one or more users of the identity system; 

receiving a request to perform a task that pertains to at least one target identity 
proflle of an entity in said identity system; and 

performing a flrst workflow for said task, said first workflow is associated with a 
flrst group that includes the target identity profile; 

wherein: 

said request includes an identification of said target identity profile; 

said step of performing includes the steps of identifying a plurality of 
workfiows that perform said task and are associated with groups that include said target 
identity profile, said plurality of workflows includes said flrst workflow, reporting said 
plurality of workflows to a user via a Graphical User Interface (GUI), receiving from the 
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user via the GUI a selection of said first workflow from the plurality of workflows, and 
performing one or more steps of said first workfiow; 

said first workfiow comprises a predefined set of steps that perform said 
task to affect modify one or more attributes of the target identity profile, said predefined 
set of steps comprising a first step and a second step; 

said first step is performed by a first program; 

said second step is performed by a second program; 

information is passed between said first program and said second program 
according to a defined set of rules; and 

at least one of the first program and the second program is external to the 

workflow. 

15. (Previously Presented) One or more processor readable storage devices according 
to claim 14, wherein: 

said step of associating includes associating said flrst workflow with said flrst 
group, said step of associating said first workflow includes choosing a flrst entry in a data 
structure, said data structure is a hierarchical data structure of entities in the identity system, said 
flrst domain includes said flrst entry and entries below said first entry. 

16. (Previously Presented) One or more processor readable storage devices according 
to claim 15, wherein: 

said step of performing includes identifying one or more workfiows associated 
with said target identity profile. 

17. (Canceled) 

18. (Canceled) 

19. (Canceled) 
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20. (Original) One or more processor readable storage devices according to claim 14, 
wherein: 

said steps of associating, receiving and performing are performed by an integrated 
identity and access system. 

21 . (Original) One or more processor readable storage devices according to claim 14, 
wherein: 

said request is from a parent workflow; and 

said first workflow is a sub-workfiow to said parent workfiow. 

22. (Canceled) 

23. (Previously Presented) One or more processor readable storage devices according 
to claim 15, wherein: 

said hierarchical data structure includes an LDAP directory. 

24. (Currently Amended) An apparatus that uses workflows, comprising: 
a communication interface; 

one or more processor in communication with said communication interface, said 
one or more processors perform a method comprising the steps of 

associating workflows with one or more groups in an identity system, each 
group including one or more users of the identity system; 

receiving a request to perform a task that pertains to at least one target 
identity profile of an entity in said identity system; and 

performing a first workfiow for said task, said first workfiow is associated 
with a first group that includes the target identity profile; 
wherein: 

said request includes an identification of said target identity 

profile; 
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said step of performing includes the steps of identifying a plurality 
of workflows that perform said task and are associated with groups that include said 
target identity profile, said plurality of workflows includes said first workflow, reporting 
said plurality of workflows to a user via a Graphical user Interface (GUI), receiving from 
the user via the GUI a selection of said first workflow from the plurality of workflows, 
and performing one or more steps of said first workflow; 

said first workfiow comprises a predefined set of steps that 
perform said task to affect modify one or more attributes of the target identity profile, 
said predefined set of steps comprising a first step and a second step; 

said first step is performed by a first program; 

said second step is performed by a second program; 

information is passed between said first program and said second 
program according to a defined set of rules; and 

at least one of the first program and the second program is external 
to the workflow. 

25. (Previously Presented) An apparatus according to claim 24, wherein: 

said step of associating includes associating said flrst workflow with said flrst 
group, said step of associating said first workflow includes choosing a flrst entry in a data 
structure, said data structure is a hierarchical data structure of entities in the identity system, said 
flrst domain includes said flrst entry and entries below said first entry. 

26. (Previously Presented) An apparatus according to claim 25, wherein: 

said step of performing includes identifying one or more workfiows associated 
with said target identity profile and entries in said hierarchical data structure that are above said 
target identity profile. 

27. (Canceled) 
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28. (Canceled) 

29. (Canceled) 

30. (Original) An apparatus according to claim 24, wherein: 

said one or more processors are part of an integrated identity and access system. 

3 1 . (Original) An apparatus according to claim 24, wherein: 
said request is from a parent workflow; and 

said first workflow is a sub-workflow to said parent workflow. 

32. (Canceled) 

33. (Previously Presented) An apparatus according to claim 25, wherein: 
said hierarchical data structure includes an LDAP directory. 

34. (Previously Presented) A method according to claim 1, wherein said task 
comprises managing said target identity profile. 

35. (Previously Presented) A method according to claim 34, wherein managing said 
identity profile comprises one or more tasks selected from the group consisting of: creating a 
user, deleting a user, changing a user attribute, creating a group, deleting a group, and changing a 
group attribute. 

36. (Previously Presented) A method according to claim 34, wherein managing said 
identity profile comprises managing a certificate associated with said identity profile. 

37. - 38. (Canceled) 
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39. (Currently Amended) A computer-implemented method for using workflows, the 
method comprising: 

associating workflows with one or more groups in an identity system, each group 
including one or more users of the identity system and each user of the identity system having an 
associated identity profile; 

receiving a request to perform a task that pertains to a target identity profile in the 
identity system, wherein the request includes an identification of the target identity profile; 

identifying a plurality of workflows that perform the task and are associated with 
groups that include the user associated with the target identity profile; 

reporting the plurality of workflows via a Graphical User Interface (GUI) in 
response to the request; 

receiving a user selection of a first workflow from the plurality of workflows via 

the GUI; and 

performing a first step of said first workflow with a first program to affect modify 
one or more attributes of the target identity profile, wherein the first program comprises one of a 
user manager, a group manager, and an organization manager; and 

performing a second step of said first workflow with a second program, wherein 
the second program comprises one of the user manager, the group manager, and the organization 
manager and wherein the second program is different from the first program. 

40. (Canceled) 

41 . (Currently Amended) The method of claim 39, wherein performing one or more 
steps of the first workflow to affect modify one or more attributes of the target identity profile 
includes deleting the target identity profile. 

42. (Previously Presented) The method of claim 39, wherein receiving the request to 
perform the task that pertains to the target identity profile comprises receiving the request from 
the user associated with the target identity profile. 
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43. (Previously Presented) The method of claim 42, wherein receiving the user 
selection of the first workflow from the set of one or more workflows comprises receiving the 
user selection from the user associated with the target identity profile. 

44. (Currently Amended) The method of claim 39, wherein said second program 
performs a second workflow to affect modify one or more attributes of the target identity profile. 

45. (Previously Presented) The method of claim 39, wherein the second program is 
identified in an event catalog of the first workflow. 

46. (Previously Presented) The method of claim 45, wherein the event catalog further 
identifies one or more parameters for passing information between the first program and the 
second program. 

Please add the following new claims: 

47. (New) The method of claim 1, wherein identifying the plurality of workflows that 
perform the task and are associated with the groups that include the target identity profile further 
comprises identifying workflows of the plurality of workflows for which a user issuing the 
request to perform the task is authorized. 

48. (New) The method of claim 47, wherein the groups that include the target 
identity profile include one or more groups to which the target identity profile is a static member. 

49. (New) The method of claim 48, wherein the target identity profile is identified as 
a static member of the one or more groups based on a group identity profile for each of the one 
or more groups. 
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50. (New) The method of claim 49, wherein the groups that include the target 
identity profile include one or more groups to which the target identity profile is a dynamic 
member. 

5 1 . (New) The method of claim 50, wherein the target identity profile is identified as 
a dynamic member of the one or more groups based on application of a rule defined by the group 
identity profile for each of the one or more groups 

52. (New) The method of claim 5 1 , wherein the groups that include the target 
identity profile include one or more groups to which the target identity profile is a nested 
member. 

53. (New) The method of claim 52, wherein the target identity profile is identified as 
a dynamic member of the one or more groups based on the combined set of one or more groups 
to which the target identity profile is a static member and the one or more groups to which the 
target identity profile is a dynamic member. 
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